Compliance & Security IT Manager
Role details
Job location
Tech stack
Job description
- Compliance & Security IT Manager (Onsite | Las Vegas, NV), We're seeking a highly skilled and hands-on Compliance & Security IT Lead
to lead onsite technology operations for a fast-growing, publicly traded software company. This role is ideal for someone who thrives in a collaborative, high-performance environment - balancing technical execution with operational leadership and compliance oversight.
As the onsite Compliance & Security IT Lead, you'll ensure system reliability, maintain compliance, and deliver exceptional end-user experiences across a modern cloud-based environment.
Own all IT compliance frameworks - including HIPAA, PCI-DSS, SOX (Type 1 & 2), SOC-2, ISO 27001, and Cyber Insurance - ensuring continuous readiness and zero material audit findings.
Lead audit cycles end-to-end: manage evidence collection, coordinate with external auditors and third-party vendors, and track remediation of all findings.
-
Manage endpoint detection and response (EDR) tools (e.g., CrowdStrike, Tenable) to monitor corporate endpoints across all entities, triage alerts, and drive incident response.
-
Conduct proactive threat hunting to identify and neutralize hidden threats. Own the incident response process including forensics and root cause analysis.
-
Implement and maintain RBAC frameworks and access governance controls across all IT systems for Skillz, Beamable, and RZR.
-
Own and maintain GIS policy documentation, ensuring security practices are current and aligned with organizational needs.
-
Lead the employee security awareness program including phishing simulations, training modules, and regular reviews.
-
Conduct new vendor security assessments and maintain ongoing vendor risk management.
-
Participate in the Security Council and fulfill SEC-related security reporting requirements.
-
Collaborate with Legal and People Ops on investigations, including lawsuits and internal inquiries.
Requirements
Do you have experience in Vulnerability scanning implementation?, Do you have a Bachelor's degree?, 1. Compliance Framework Expertise: Deep, hands-on experience with HIPAA, PCI-DSS, SOX, SOC-2, ISO 27001, and Cyber Insurance requirements. Able to manage multiple frameworks simultaneously across multiple entities.
-
Audit Leadership: Proven track record of leading successful audit cycles with external auditors, closing findings, and maintaining continuous audit readiness.
-
Endpoint & Network Security: Proficiency with EDR tools (CrowdStrike, Tenable), SIEM systems, IDS/IPS, firewall management, and network security principles.
-
Cloud Security: Understanding of securing cloud environments across AWS, Azure, or GCP including access controls, network configuration, and storage security.
-
Access Governance & RBAC: Experience designing and implementing role-based access control frameworks and access review processes.
-
Incident Response: Ability to lead incident response, perform forensic analysis, and drive root cause remediation.
-
Cross-Entity Collaboration: Comfort working across multiple business units or subsidiaries with different toolsets, risk profiles, and compliance obligations.
-
Independent Execution: Self-directed and highly organized; able to manage competing compliance deadlines without close supervision. US-hours availability for auditor and vendor interaction.
Experience:
-
BA/BS in Computer Science, Information Security, or a related field, or equivalent practical experience.
-
7+ years of hands-on experience in IT security and compliance roles, including direct ownership of audit cycles.
-
Demonstrated experience with at least three of the following frameworks: HIPAA, PCI-DSS, SOX, SOC-2, ISO 27001, Cyber Insurance.
-
Practical experience with leading EDR, SIEM, and vulnerability management tools (e.g., CrowdStrike, Tenable, Qualys, or equivalent).
-
Experience working across multiple business entities or subsidiaries is strongly preferred.